**How to synchronise your Zentyal Backup Domain Controllers**

A known limitation of Zentyal is that policies are not synchronised. To overcome this issue you can do the following:

**On your Domain Controller**

Install rsync and xinetd:

<code>
apt install rsync
apt install xinetd
</code>

Make sure that RSYNC_ENABLE is set to RSYNC_ENABLE=inetd in /etc/default/rsync.

If you start your rsync server through xinetd, you can use the following configuration file (/etc/xinetd.d/rsync):

<code>
service rsync
{
    disable         = no
    # Restrict to your DC address(es) or ranges, to prevent other hosts retrieving the content, too.
    only_from       = 10.99.0.0/28
    socket_type     = stream
    wait            = no
    user            = root
    server          = /usr/bin/rsync
    server_args     = --daemon
    log_on_failure  += USERID
}
</code>

Create the file /etc/rsyncd.conf (adapt the path variable to your PDC Emulator's SysVol path):

<code>
[SysVol]
path = /var/lib/samba/sysvol/
comment = Samba Sysvol Share
uid = root
gid = root
read only = yes
auth users = sysvol-replication
secrets file = /root/.rsyncd.secret
</code>

Create a file /root/.rsyncd.secret (permissions must not be world-readable!) with the following content (adapt the password!):

<code>
sysvol-replication:pa$$w0rd
</code>

Restart xinetd:

<code>
service xinetd restart
</code>

**Now set this up on your backup domain controllers:**

Make sure that you have identical IDs of built-in groups on all DCs.

Install rsync by using your package manager or compile it from source. Make sure that you use a version that supports extended ACLs!

Create a password file /root/.rsync-sysvol.secret and fill it with the password you set on the PDC Emulator for the sysvol-replication rsync account (permissions of that file must not be world-readable!):

<code>
pa$$w0rd
</code>

Set the permissions of the file to 700 with chmod, so that only root can access it!
To replicate the SysVol folder, run the following command (--dry-run means that no modifications are actually made). Replace $yourdomaincontrollerip$ with the IP address of your Domain Controller; the module name in the URL must be written exactly as the [SysVol] section name in /etc/rsyncd.conf:

<code>
rsync --dry-run -XAavz --delete-after --password-file=/root/.rsync-sysvol.secret rsync://sysvol-replication@$yourdomaincontrollerip$/SysVol/ /var/lib/samba/sysvol/
</code>

If everything goes well you can schedule a cron job on your BDC:

<code>
crontab -e
</code>

and put the following line in the file:

<code>
*/5 * * * * rsync -XAavz --delete-after --password-file=/root/.rsync-sysvol.secret rsync://sysvol-replication@$yourdomaincontrollerip$/SysVol/ /var/lib/samba/sysvol/
</code>

Repeat these steps on every BDC (except your PDC Emulator!).

That's all.

Your ArtIT Team
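A wrapper for the five-minute cron job described above, added here as an example and not part of the original page: it refuses to run if the password file is accessible to group or other, and it skips a run while a previous one is still active, so two jobs using --delete-after never overlap. DC_IP, LOCK_DIR and the function names are assumptions; the paths, the account name, the module name and the rsync options are the ones used on this page.

```bash
#!/bin/bash
# Added example, not from the original page. DC_IP, LOCK_DIR and the function
# names are assumptions; paths, account and rsync options are the page's.
SECRET="${SECRET:-/root/.rsync-sysvol.secret}"
DC_IP="${DC_IP:-192.0.2.10}"              # placeholder address, set your DC's IP
LOCK_DIR="${LOCK_DIR:-/run/sysvol-sync.lock}"

# Succeed only if the file exists and its mode grants nothing to group/other.
secret_file_ok() {
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1") || return 1
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# mkdir is atomic, so only one caller can create the lock directory.
acquire_lock() { mkdir "$1" 2>/dev/null; }
release_lock() { rmdir "$1" 2>/dev/null; }

# Exit codes: 2 = unsafe secret file, 3 = previous run still active,
# otherwise rsync's own exit status.
run_sync() {
    if ! secret_file_ok "$SECRET"; then
        echo "refusing to sync: $SECRET missing or group/other-accessible" >&2
        return 2
    fi
    if ! acquire_lock "$LOCK_DIR"; then
        echo "skipping: previous SysVol sync still holds $LOCK_DIR" >&2
        return 3
    fi
    rsync -XAavz --delete-after --password-file="$SECRET" \
        "rsync://sysvol-replication@${DC_IP}/SysVol/" /var/lib/samba/sysvol/
    rc=$?
    release_lock "$LOCK_DIR"
    return "$rc"
}

# Only sync when called with --run, e.g. from cron.
if [ "${1:-}" = "--run" ]; then
    run_sync
    exit $?
fi
```

If a run is killed before it releases the lock, remove the lock directory by hand before the next run.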